CISA Adds KNX and Oracle Flaws to Exploited Vulnerabilities Catalog
CISA adds KNX and Oracle flaws to exploited vulnerabilities catalog, citing active exploitation. Apply patches and implement detection measures to defend against these vulnerabilities.

CISA has added several new vulnerabilities to its Known Exploited Vulnerabilities catalog, including KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws, due to evidence of active exploitation.
Understanding the Vulnerabilities
The added vulnerabilities include CVE-2023-4346, which affects the KNX Association KNX Protocol Connection Authorization Option 1, and multiple Oracle flaws. These vulnerabilities can be exploited by attackers to gain unauthorized access, execute arbitrary code, or disrupt services.
Vulnerability Mechanics
The CVE-2023-4346 vulnerability is an overly restrictive account lockout mechanism flaw, which can be exploited using MITRE ATT&CK techniques such as Brute Force (T1110). Similar past incidents, like the TP-Link Kasa camera vulnerability, highlight the importance of securing IoT devices and protocols.
Who Is Affected
The affected products and versions include KNX Association KNX Protocol Connection Authorization Option 1 and various Oracle products. The impacted sectors and regions are not limited, as these vulnerabilities can be exploited globally, affecting multiple industries and organizations.
What the Sceptics Say
Some sceptics argue that the vulnerabilities may be overhyped or that patches are already available to mitigate the risks. However, given the evidence of active exploitation, it is crucial for organizations to take immediate action to protect themselves.
How to Defend
- Apply the latest security patches for KNX Association KNX Protocol Connection Authorization Option 1 and Oracle products.
- Implement intrusion detection and prevention systems to identify and block potential exploitation attempts.
- Conduct regular vulnerability assessments and penetration testing to identify and address potential weaknesses.
Key Takeaways
- Security Teams: Prioritize patching and implementing detection measures for the added vulnerabilities.
- CISOs: Ensure that incident response plans are in place and that teams are prepared to respond to potential exploitation attempts.
- Developers: Focus on secure coding practices and implementing robust security measures in products and services.
- End Users: Be cautious when interacting with potentially vulnerable systems and report any suspicious activity to the relevant authorities.
Related Security Coverage
Sources
- Security Affairs: U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
- The Register Security: Attackers target critical FortiSandbox flaws as CISA issues patch order
- CISA Advisories: CISA Adds Three Known Exploited Vulnerabilities to Catalog
This article is published by AnalyticsGlobe for informational purposes only. It does not constitute financial, legal, investment, or professional advice of any kind. Always conduct your own research and consult qualified professionals before making any decisions.
Ananya Rao
Published under the research and editorial standards of AnalyticsGlobe. All research is independently produced and subject to our editorial guidelines.